[squid-users] Re: Hello.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 12 Nov 2005 02:23:37 +0100 (CET)

On Fri, 11 Nov 2005, Hunt, Ralph wrote:

> Hello, I hope you get a chance to answer this. I have been looking for an
> answer to this question for a little while, and would like to know if there
> is/or will be, any transparent login through LDAP.

Not likely for quite some time. This is mainly due to limitations in the
capabilities of the browsers, not so much Squid. (Squid can always be
extended with new funtionality, much harder to do the same on the
clients...)

For automatic proxy authentication to work you must be logged in to your
stations desktop using a login method supporting "single-sign-on", and
your browser must implement using the same while talking to a proxy
without promting the user for login information again.

In todays world the only two widely deployed login schemes fulfilling this
is the Microsoft NTLM and Negotiate (used for kerberos) schemes. In
addition many browsers support saving the proxy login credentials but this
is not really the same thing.

But it would be great seeing browsers/desktops also support single-sign-on
using the standard Digest scheme. Digest is at least as secure as NTLM in
terms of protecting the users actual password, and more safe from
hijacking.

Regards
Henrik
Received on Fri Nov 11 2005 - 18:23:45 MST

This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:09 MST